Hyperledger Fabric Single Member Blockchain in Azure Marketplace

Christine Avanessians | Senior Program Manager

Overview
Over the past year, we have worked diligently to develop an open blockchain ecosystem on Microsoft Azure
for blockchain application development. Our goal has been to empower users to build blockchain solutions
easily, with the ledger and development tools of your choice.

Initially, we targeted dev/test topologies to deliver development and demo machines for a variety of protocols.
We received ample positive feedback from customers to expand support to more complex topologies as they
began working on more advanced scenarios. We have now built out support for Hyperledger Fabric Single
Member (multi-node) network solution templates in the Azure marketplace.

After reading this article, you will:

• Obtain working knowledge of blockchain, Hyperledger Fabric, and more complicated consortium
network architectures
• Learn how to deploy and configure a single-member Hyperledger Fabric consortium network from
within the Azure Management Portal

About blockchain
For those that are new to the blockchain community, this is a great opportunity to learn about the technology
in an easy and configurable manner on Azure. Blockchain is the underlying technology behind Bitcoin;
however, it is much more than just an enabler for a virtual currency. It is a composite of existing database,
distributed system, and cryptographic technologies that enables secure multi-party computation with
guarantees around immutability, verifiability, auditability, and resiliency to attack. Different protocols employ
different mechanisms to provide these attributes. Hyperledger Fabric is one such protocol.

Consortium Architecture on Azure

This template deploys a topology to help test and simulate production for users within a single organization
(single member). This deployment comprises of a multi-node network in a single region, soon to be expanded
to multiple regions.

The network comprises of three types of nodes:

1. Member Node: A node running the Fabric membership service that registers and manages members
of the network. This node can eventually be clustered for scalability and high availability, however in
this lab, a single member node will be used.
2. Orderer Nodes: A node running the communication service implementing a delivery guarantee, such
as total order broadcast or atomic transactions.
3. Peer Nodes: A node that commits transactions and maintains the state and a copy of the distributed
ledger.

Getting Started
To begin, you will need an Azure subscription that can support deploying several virtual machines and
standard storage accounts. If you do not have an Azure subscription, you can create a free Azure account.

By default, most subscription types support a small deployment topology without needing to increase quota.
The smallest possible deployment for one member will need:
1
 ▪ 5 virtual machines (5 cores)
▪ 1 VNet
▪ 1 load balancer
▪ 1 public IP address

Once you have a subscription, go to the Azure portal. Select ‘+’, select Blockchain, and select ‘Hyperledger
Fabric Single Member Blockchain’.

Deployment
To start, select the ‘Hyperledger Fabric Single Member Blockchain’ and click ‘Create’. This will open the ‘Basics’
blade in the wizard.

The Template Deployment will walk you through configuring the multi-node network. The deployment flow is
divided into three steps: Basics, Network configuration, and Fabric configuration.

Basics
Under the ‘Basics’ blade, specify values for standard parameters for any deployment, such as subscription,
resource group, and basic virtual machine properties.
2
A detailed description of each parameter follows:
Parameter Name
Resource prefix
VM user name
Authentication type
Password (Authentication
type = Password)
SSH Key (Authentication
type = Public Key)
Restrict access by IP
address
Allowed IP address or
subnet (restrict access by
IP address = Yes)
Subscription
Resource Group
Location
Description Allowed Default
Values Value
A string used as a base for naming the 6 characters NA
deployed resources. or less
The user name of the administrator for 1-64 azureuser
each of the virtual machines deployed characters
for this member.
The method to authenticate to the Password or Password
virtual machine. SSH public key
The password for the administrator 12 -72 NA
account for each of the virtual machines characters
deployed. The password must contain 3
of the following: 1 upper case character,
1 lower case character, 1 number, and 1
special character.
While all VMs initially have the same
password, you can change the password
after provisioning.
The secure shell key used for remote NA
login.
Setting to determine type whether client Yes/No No
endpoint access is restricted or not.
The IP address or the set of IP addresses NA
that is allowed to access the client
endpoint when access control is
enabled.
The subscription to which to deploy.
The resource group to which to deploy NA
the consortium network.
The Azure region to which to deploy the
first member’s network footprint.
3
A sample deployment is shown below:

Network size and performance

Next, under ‘Network size and performance,’ specify inputs for the size of the consortium network, such as the
number of membership, orderer, and peer nodes. Choose infrastructure options and your Virtual machine size.

A detailed description of each parameter follows:

Parameter Name Description Allowed Default

Values Value
Number of Membership The number of nodes that run the 1 1
Nodes membership service. For additional
details on the membership service, look
at Security & Membership Services
under the Hyperledger documentation.

This value is currently restricted to 1

Number of Orderer Nodes
node, but we plan to support scale out
through clustering in the next revision.
The number of nodes that order 1 1
(organize) transactions into a block.-->
This statement is wordy and confusing.
For additional details on the ordering
service, visit the Hyperledger
documentation.
4
 This value is currently restricted to 1
node, but we plan to support scale out in
the next version.
Number of Peer Nodes Nodes that are owned by consortium 3 3-9
members that execute transactions and
maintain the state and a copy of the
ledger.

For additional details on the ordering

service, visit the Hyperledger
documentation.
Storage performance The type of storage backing each of the Standard or Standard
deployed nodes. To learn more about Premium
storage, visit Introduction to Microsoft
Azure Storage and Premium Storage.
Virtual machine size The virtual machine size used for all Standard A, Standard
nodes in the network Standard D, D1_v2
Standard D-v2,
Standard F
series,
Standard DS,
and Standard
FS

5
A sample deployment is shown below:

Fabric specific settings

Finally, under Fabric specific settings, specify Fabric-related configuration settings.

A detailed description of each parameter follows:

Parameter Name Description Allowed Default

Values Value
Bootstrap User Name The initial authorized user that will be 9 or fewer admin
registered with the member services in characters
the deployed network.
Bootstrap User Password The administrator password used to 12 or more NA
for Fabric CA secure the Fabric CA account imported characters
into the Membership node.

The password must contain the

following: 1 upper case character, 1
lower case character, and 1 number.

6
A sample deployment is shown below:

7
Deploy
Click through the summary blade to review the inputs specified and to run basic pre-deployment validation.

Review legal and privacy terms and click ‘Purchase’ to deploy. Depending on the number of VMs being
provisioned, deployment time can vary from a few minutes to tens of minutes.

8
Accessing Nodes
Once the deployment is finished, you should see an Overview screen much like the picture below.

If the screen does not appear automatically (maybe because you moved around the management portal while
the deployment was running), you can always find it in the Resource Groups tab in the left-side navigation bar.
Just click on the Resource Group name you entered in step 1 to go to the Overview screen.

This Overview screen shows you a list of all the resources that were deployed by the solution template. You
can explore them at will, but from this screen you can also access the output parameters generated by the
template. These output parameters will give you useful information when connecting to your Hyperledger
Fabric network.

To access the output parameters, first click on the Deployments tab in the Resource Group blade. This opens
the Deployment History as shown below.

9
From the Deployment History, click on the first deployment in the list to look at the details.

The details screen will show you a summary of the deployment, followed by three useful output parameters:

• The API-ENDPOINT can be used once you deploy an application on the network.

• The PREFIX, also called deployment prefix, uniquely identifies your resources and your deployment. It
will be used when using the command-line based tools.

• The SSH-TO-FIRST-VM gives you a pre-assembled ssh command with all the right parameters required
to connect to the first VM in your network; in the case of Hyperledger Fabric, it will be the Fabric-CA
node.

You can remotely connect to the virtual machines for each node via SSH with your provided admin username
and password/SSH key. Since the node VMs do not have their own public IP addresses, you will need to go
through the load balancer and specify the port number. The SSH command to access the first transaction node
is the third template output, ‘SSH-TO-FIRST-VM (for the sample deployment: ssh -p 3000
azureuser@hlf2racpt.northeurope.cloudapp.azure.com). To get to additional transaction nodes, increment
the port number by one (e.g. the first transaction node is on port 3000, the second is on 3001, the third is on
3002, etc.).

10
Next Steps
You are now ready to focus on application and chaincode development against your Hyperledger consortium
blockchain network. Happy coding!

11